System Administration

Departmental Servers (Security Baseline)

  • The operating system and applications should have the most recent security updates installed.
  • Anti-malware (anti-virus and anti-spyware) applications should be running and up-to-date.
  • Administrative accounts should only be used for system management and not left logged on.
  • The number of administrative accounts on a server should be very limited.
  • Windows servers should be added to the LSU Active Directory.
  • Windows servers should have "Domain Users" removed from the Users group.
  • Servers should be backed up routinely and those backups should be periodically tested for data integrity and availability.
  • A local firewall should be running and properly configured to limit access to specific ports and/or subnets.
  • Servers storing SSNs must submit a request form to the Office of the University Registrar for approval (PS113: Social Security Number Policy).
  • Servers should log events such as account logins and account changes.
  • User access to servers should be limited to the specific users it serves.
  • Physical access to servers should be very limited (secure location).

Departmental File Servers

  • Access to file shares should be limited to specific users (No open/anonymous shares).
  • Users should be given only the privileges appropriate for accessing data within the file shares.
  • Personally Identifiable Information (PII) such as credit cards and bank account numbers should not be stored unless absolutely necessary.
  • Any Personally Identifiable Information (PII) must be stored on software- or hardware-encrypted disks.
  • Departmental file servers should follow the best practices security baseline listed above.
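
A read-only way to check several of the Windows items in both lists above on a single server (administrator count, "Domain Users" in the Users group, local firewall state, open/anonymous shares). This is an added example, not part of the original baseline. Assumptions: the `$MaxAdmins` threshold and the `New-Finding` helper are hypothetical, account names are English, and only share permissions (not NTFS permissions) are examined.

```powershell
# Added example: read-only audit of baseline items on one Windows server.
# Run from an elevated PowerShell 5.1+ session on the server being checked.
$MaxAdmins = 3   # Assumption: the baseline says "very limited" without giving a number.

# Hypothetical helper that gives every check the same result shape.
function New-Finding($Check, $Pass, $Detail) {
    [pscustomobject]@{ Check = $Check; Pass = [bool]$Pass; Detail = $Detail }
}

# Local groups are addressed by well-known SID so the lookup is locale-independent.
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544')   # BUILTIN\Administrators
$users  = @(Get-LocalGroupMember -SID 'S-1-5-32-545')   # BUILTIN\Users

# "Domain Users" always has RID 513 under the domain SID (S-1-5-21-<domain>-513).
$domainUsers = @($users | Where-Object { $_.SID.Value -match '^S-1-5-21-(\d+-){3}513$' })

# Firewall profiles (Domain, Private, Public) that are switched off.
$fwOff = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })

# Non-administrative shares whose share ACL allows Everyone or anonymous logon.
# Assumption: English account names; NTFS permissions are not examined here.
$open = @(Get-SmbShare -Special $false | Get-SmbShareAccess | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.AccountName -match '^(Everyone|NT AUTHORITY\\ANONYMOUS LOGON)$'
})

$findings = @(
    New-Finding 'Administrator count within limit' ($admins.Count -le $MaxAdmins) ($admins.Name -join ', ')
    New-Finding '"Domain Users" not in Users group' ($domainUsers.Count -eq 0) ($domainUsers.Name -join ', ')
    New-Finding 'Firewall enabled on all profiles' ($fwOff.Count -eq 0) ($fwOff.Name -join ', ')
    New-Finding 'No open/anonymous shares' ($open.Count -eq 0) (($open.Name | Sort-Object -Unique) -join ', ')
)

# Failed checks list the offending accounts, profiles or shares in Detail.
$findings | Format-Table -AutoSize -Wrap
```

The script changes nothing on the server; items it does not cover (patch level, backups, logging, physical access) still need to be verified separately.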